GRC Specialist; Risk and Compliance - Fully Remote
Position: GRC Specialist (Risk and Compliance) - Fully Remote Location: Town of Poland Do you enjoy combining security, risk, and compliance with practical, scalable solutions rather than pure “check-the-box” compliance? Do you enjoy cross-functional work with Security, Engineering, and IT? Great, please read on as we have the role for you! We’re partnering with a fast-growing, international Legal Tech / SaaS company that builds a leading legal data intelligence platform used globally. Their Security organization is investing heavily in modern, technology-driven governance, risk & compliance (GRC) and is now looking for an Advanced Risk & Compliance Analyst to join the team in Poland. This is an opportunity to work in a security-focused environment, within an international team, where you’ll have a real impact on how security controls are designed, tested, and automated across a global SaaS product. You will be a member of the Governance, Risk & Compliance (GRC) team within the Security function. Your work will focus on the company’s global information security management program and control landscape. This is a fully remote B2B contract opportunity in Poland which will end at the end of 2026. Your Tasks Will Include:
- Control testing & second-line assurance:
Perform monthly control testing to validate that key security and IT controls are operating effectively.
- Conduct process and operational reviews against predefined test procedures.
- Support second-line audit-type activities, reviewing evidence and identifying gaps.
- Policy & procedure lifecycle:
Coordinate and track annual reviews of policies, standards, and procedures.
- Work with stakeholders to update and improve documentation so it’s both audit-ready and useful to the business.
- Risk & compliance program support:
Coordinate tracking of the information security management program, including control performance monitoring, risk assessments, compliance-related activities and exceptions.
- Maintain accurate control testing files and risk ratings for identified issues.
- Audit support:
Prepare and organize evidence for internal and external audits.
- Support engagements aligned to frameworks such as ISO/IEC 27001/27018, NIST 800-53, and SOC 2.
- Work with auditors to explain controls, processes, and remediation actions.
- Automation & workflow improvement:
Help develop and operationalize automated evidence collection processes integrated with control workflows and ticketing systems, reducing manual effort and audit friction. To be a good fit for the GRC Specialist (Risk and Compliance) role, you will have:
- 2+ years of professional experience in Risk management, Internal audit (especially IT audit), Security/compliance or GRC roles
- Experience with ISO/IEC 27001/ 27018, SOC 2 knowledge is a plus
- Experience with external and/or internal audit, control development, and control development and testing
- Experience with in a SaaS environment or another higher regulated environment
- Experience with GRC tools such as Archer, Service Now, Logic Gate or similar
- Clearly articulate risk and control concepts to both technical and non-technical stakeholders.
- Experience with project management tools like JIRA or Asana is desired
- Nice to have experience in designing or supporting automated evidence collection workflows for audits, control testing, or continuous compliance programs.
What’s in it for you
- Work on a leading global tech product in the Legal Tech space, where security and compliance are critical.
- Be part of a growing, international GRC team with a mandate to modernize and improve how security controls are designed, tested, and automated.
- Gain exposure to multiple security frameworks and certifications (ISO, SOC 2, NIST).
- The chance to shape and improve processes, not just execute them.
#J-18808-Ljbffr Apply tot his job Apply To this Job